X.509: If available, use the raw subjKeyId to form the key description - linux-crypto.git

diff options

author	David Howells <dhowells@redhat.com>	2014-10-03 16:17:02 +0100
committer	David Howells <dhowells@redhat.com>	2014-10-03 16:17:02 +0100
commit	6730820e44bab3648430513b190db60e6cebf3a0 (patch)
tree	5f6476a53355b7fd6ea92ef8ed977812da887e0c /crypto/async_tx
parent	183af51250375a86ad2957690eef4f27f03769ce (diff)
download	linux-crypto-6730820e44bab3648430513b190db60e6cebf3a0.tar.gz linux-crypto-6730820e44bab3648430513b190db60e6cebf3a0.zip

X.509: If available, use the raw subjKeyId to form the key description

Module signing matches keys by comparing against the key description exactly. However, the way the key description gets constructed got changed to be composed of the subject name plus the certificate serial number instead of the subject name and the subjectKeyId. I changed this to avoid problems with certificates that don't *have* a subjectKeyId. Instead, if available, use the raw subjectKeyId to form the key description and only use the serial number if the subjectKeyId doesn't exist. Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: David Howells <dhowells@redhat.com>

Diffstat (limited to 'crypto/async_tx')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: